Remove references to pdwait4(2) and CAP_PDWAIT from rights(4)

@cem removed references to pdwait4(2) (a nonexistent syscall) in r320058. This change removes references to pdwait4(2) and `CAP_PDWAIT` in rights(4) to not mislead the user into thinking that pdwait4(2)/`CAP_PDWAIT` is actually implemented in the stock FreeBSD kernel. The goal of this functionality was to simplify monitoring/manipulating processes started with `pdfork`, et al, and avoid races with waiting on pids. The syscall was never completed though--just discussed on the capsicum mailing list back in 2015: https://lists.cam.ac.uk/pipermail/cl-capsicum-discuss/2015-May/msg00012.html . That being said, there are members of the project (@rwatson, etc) who have longterm goals to implement this syscall to better secure pdfork(2) calls. PR: 235871 Reviewed by: emaste Discussed with: rwatson Approved by: emaste (mentor) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D18950
2019-02-28 18:12:14 +00:00 · 2019-02-28 18:12:14 +00:00 · 1ece6232d2
commit 1ece6232d2
parent 8ebb14b1c6
2 changed files with 7 additions and 5 deletions
--- a/share/man/man4/rights.4
+++ b/share/man/man4/rights.4
@ -32,7 +32,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd April 30, 2018
+.Dd February 28, 2019
 .Dt RIGHTS 4
 .Os
 .Sh NAME
@ -467,9 +467,6 @@ Permit
 .It Dv CAP_PDKILL
 Permit
 .Xr pdkill 2 .
-.It Dv CAP_PDWAIT
-Permit
-.Xr pdwait4 2 .
 .It Dv CAP_PEELOFF
 Permit
 .Xr sctp_peeloff 2 .
--- a/sys/sys/capsicum.h
+++ b/sys/sys/capsicum.h
@ -246,7 +246,12 @@
 /* Process management via process descriptors. */
 /* Allows for pdgetpid(2). */
 #define	CAP_PDGETPID		CAPRIGHT(1, 0x0000000000000200ULL)
-/* Allows for pdwait4(2). */
+/*
+ * Allows for pdwait4(2).
+ *
+ * XXX: this constant was imported unused, but is targeted to be implemented
+ *      in the future (bug 235871).
+ */
 #define	CAP_PDWAIT		CAPRIGHT(1, 0x0000000000000400ULL)
 /* Allows for pdkill(2). */
 #define	CAP_PDKILL		CAPRIGHT(1, 0x0000000000000800ULL)